Part 2. Use Cases (40 points). Consider examples of such signed records R (as in Part 1) from systems we discussed.

Similar documents
Key Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature

Chapter 9: Key Management

Outline NET 412 NETWORK SECURITY PROTOCOLS. Reference: Lecture 7: DNS Security 3/28/2016

Chapter 13. Digital Cash. Information Security/System Security p. 570/626

Software Security. Final Exam Preparation. Be aware, there is no guarantee for the correctness of the answers!

Spring 2010: CS419 Computer Security

Smalltalk 3/30/15. The Mathematics of Bitcoin Brian Heinold

Computer Security. 14. Blockchain & Bitcoin. Paul Krzyzanowski. Rutgers University. Spring 2019

Security: Focus of Control

Distributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018

CS November 2018

Distributed Systems Final Exam

Cryptographic Checksums

Foundations of Network and Computer Security

Cryptography and Network Security Chapter 14

Innovative uses as result of DNSSEC

DNSSEC. CS 161: Computer Security Prof. David Wagner. April 11, 2016

Cryptographic Protocols 1

Bitcoin, Security for Cloud & Big Data

Hoda Rohani Anastasios Poulidis Supervisor: Jeroen Scheerder. System and Network Engineering July 2014

DNSSEC DNS SECURITY EXTENSIONS INTRODUCTION TO DNSSEC FOR SECURING DNS QUERIES AND INFORMATION

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

DNS Security. * pers/dnssec/dnssec.html. IT352 Network Security Najwa AlGhamdi

Uniform Resource Locators (URL)

EECS 498 Introduction to Distributed Systems

Bitcoin, a decentralized and trustless protocol

1.264 Lecture 27. Security protocols Symmetric cryptography. Next class: Anderson chapter 10. Exercise due after class

Blockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric

Crypto meets Web Security: Certificates and SSL/TLS

Network Security - ISA 656 IPsec IPsec Key Management (IKE)

CS 425 / ECE 428 Distributed Systems Fall 2017

Protocols II. Computer Security Lecture 12. David Aspinall. 17th February School of Informatics University of Edinburgh

Operating Systems Design Exam 3 Review: Spring 2011

Security & Privacy. Larry Rudolph. Pervasive Computing MIT SMA 5508 Spring 2006 Larry Rudolph

1. Diffie-Hellman Key Exchange

Some Lessons Learned from Designing the Resource PKI

A Security Evaluation of DNSSEC with NSEC Review

Introduction to Cryptography in Blockchain Technology. December 23, 2018

Using Cryptography CMSC 414. October 16, 2017

Toward Unspoofable Network Identifiers. CS 585 Fall 2009

DNSSEC Trust tree: (A) ---dnslab.org. (DS keytag: 9247 dig (DNSKEY keytag. ---org. (DS keytag: d

18-642: Cryptography 11/15/ Philip Koopman

3. The DNSSEC Primer. Data Integrity (hashes) Authenticated Denial of Existence (NSEC,

Ten Risks of PKI : What You re not Being Told about Public Key Infrastructure By Carl Ellison and Bruce Schneier

CS /29/17. Paul Krzyzanowski 1. Fall 2016: Question 2. Distributed Systems. Fall 2016: Question 2 (cont.) Fall 2016: Question 3

Background. Network Security - Certificates, Keys and Signatures - Digital Signatures. Digital Signatures. Dr. John Keeney 3BA33

CONIKS: Bringing Key Transparency to End Users

CPS 310 final exam, 5/1/2014

An Overview of DNSSEC. Cesar Diaz! lacnic.net!

Information Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1

Public-Key Infrastructure NETS E2008

Encryption. INST 346, Section 0201 April 3, 2018

CS Computer Networks 1: Authentication

DOMAIN NAME SECURITY EXTENSIONS

Securing Connections with Digital Certificates in Router OS. By Ezugu Magnus PDS Nigeria

Overview. Cryptographic key infrastructure Certificates. May 13, 2004 ECS 235 Slide #1. Notation

CT30A8800 Secured communications

Distributed Systems Exam 3 Review. Paul Krzyzanowski. Rutgers University. Fall 2016

SecSpider: Distributed DNSSEC Monitoring and Key Learning

Grenzen der Kryptographie

Trust Infrastructure of SSL

Cryptography (Overview)

Crypto Basics: History, Applied Cryptography in IT Security Today and in the Next Year

What did we talk about last time? Public key cryptography A little number theory

Computer Security CS 426

On the Internet, nobody knows you re a dog.

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

Diffie-Hellman. Part 1 Cryptography 136

Information Security CS 526

Internet Engineering Task Force (IETF) Category: Informational October 2011 ISSN:

Key Management and Distribution

Topics. Dramatis Personae Cathy, the Computer, trusted 3 rd party. Cryptographic Protocols

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

CS 161 Computer Security

Data Security and Privacy. Topic 14: Authentication and Key Establishment

1 Identification protocols

The Kerberos Authentication Service

CSC 482/582: Computer Security. Security Protocols

Lecture 15 PKI & Authenticated Key Exchange. COSC-260 Codes and Ciphers Adam O Neill Adapted from

Key Agreement Schemes

Introduction to Network Security Missouri S&T University CPE 5420 Key Management and Distribution

I certify that this DNS record set is correct Problem: how to certify a negative response, i.e. that a record doesn t exist?

Security Analysis of Bluetooth v2.1 + EDR Pairing Authentication Protocol. John Jersin Jonathan Wheeler. CS259 Stanford University.

CS 161 Computer Security

More on DNS and DNSSEC

Problem: Equivocation!

Authentication and Key Distribution

Authentication Part IV NOTE: Part IV includes all of Part III!

No, the bogus packet will fail the integrity check (which uses a shared MAC key).!

ENEE 457: E-Cash and Bitcoin

Security: Focus of Control. Authentication

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ

ICS 421 & ICS 690. Bitcoin & Blockchain. Assoc. Prof. Lipyeow Lim Information & Computer Sciences Department University of Hawai`i at Mānoa

This document describes the configuration of Secure Sockets Layer (SSL) decryption on the FirePOWER Module using ASDM (On-Box Management).

CS 161 Computer Security

CS Computer and Network Security: PKI

This chapter continues our overview of public-key cryptography systems (PKCSs), and begins with a description of one of the earliest and simplest

Public Key Algorithms

PROVING WHO YOU ARE TLS & THE PKI

How Bitcoin achieves Decentralization. How Bitcoin achieves Decentralization

Transcription:

CPS 512 midterm exam #1, 10/5/17 Your name please: NetID: Sign for your honor: Part 1. Digital Signatures (25 points). Suppose that a principal Alice (A) signs a message/record (R) that is received by another party Bob (B), who validates the signature. Suppose R is sent over an insecure network connection and that malicious Mark (M) can intercept R as it transits the network from A to B. Are the following statements rue or False? Indicate your answer in the box at the left of each statement. You may comment further in the space on the right if you wish. F F (a) As R s content grows in size, the size of its signature also grows. (b) As R s content grows in size, the cost to sign or validate R also grows. (c) M must obtain B s public key in order to read (or decrypt) the content of R. (d) B must obtain A s public key in order to validate the signature of R. (e) M must obtain A s private key in order to modify the content of R without detection. Part 2. Use Cases (40 points). Consider examples of such signed records R (as in Part 1) from systems we discussed. (a) List four examples. Number them. Use names/keywords for the systems and records: don t explain how or why they generate or sign the records. (b) For which of your numbered examples in (a) does the signed R contain the public key of A or B (or a hash of the key)? (c) For which of your numbered examples in (a) does R contain the public key (or its hash) of another principal C, other than A or B? (d) For each of the examples in (c), what other information does R contain about C? 1. DNSSEC response record (signed by authority for parent domain) 2. SSL certificate (signed by issuing CA) 3. Bitcoin transaction record (signed by payer) 4. SSO identity binding from identity provider 5. I accepted: Bitcoin/blockchain block as signed by miner I accepted any reasonable answers here. In general, B must know the public key of A (or its hash) from some other source to know whether to trust A. (One exception is #3 bitcoin transaction record.) In general, for part 2 I gave 5 points for each record example, and 5 more for the right relevant information spread across b, c, d, sufficient to show that you understood the example. he question has an unintended complexity in that it specifies that the sender is the issuer (A), but the interesting case for SSL certificates is when the sender is the holder, and the cert has the holder s public key but is signed by a CA. I accepted any answers that made clear when there are three parties involved: 1. C is subdomain authority à C s pub key hash, IP, and DNS name. 2. C is server à C s pub key/hash and Distinguished Name (DNS name). 3. C is payee à C s pub key hash and transaction amount. 4. No pub key for C. 5. Block contains transaction records; see #3.

CPS 512 midterm exam #1, 10/5/17, page 2 of 4 Part 3. Blockchain (35 points). hese questions apply to a blockchain system: a set of nodes organized in a broadcast network to maintain a global ledger of operations. You may presume that the blockchain functions like the example we discussed: Bitcoin. he ledger is broken into blocks; each node accepts the longest chain of valid blocks (that it knows of) as the current ledger. (a) On average, how many nonces must a miner try before it finds a nonce that yields a block hash that begins with 4 leading zero bits? (b) How many if the block hash must begin with 8 leading zero bits? (c) Propose a strategy for the miner to select the candidate nonces to maximize its chances of finding a good one quickly. (d) If the miner controls 10% of the computing (mining) power in the network, what are its chances of succeeding to mine the next block in the chain? (e) How does a node in the network know the order of the blocks in the longest chain? 1/16 probability that any random nonce qualifies à 16 trials on average. he key here is to understand how the difficulty of the puzzle grows as we add bits to the zero prefix. 1/256 probability that any random nonce qualifies à 256 trials on average. here is no alternative to brute force. he simplest is to try candidate nonces in a fixed pattern (e.g., increment by 1) to avoid trying the same candidate twice. he only way to speed it up is to add more compute power. 10%. he probability of winning is proportional to the rate at which the miner generates candidate nonces. he competitors control 1 10% == 90%, so this miner generates only 10% of the candidate nonces. Each block has a hash pointer to its predecessor. he question presumes that the node knows the blocks. It is just asking about the order. (f) How does a node in the network know the order of operations in the ledger? (g) A malicious miner M could overwrite portions of the ledger history, if it can produce a new valid block chain that is longer than any other valid chain. What prevents this attack from succeeding? he ledger is an ordered sequence of blocks (per (e)), and each block has a sequence of transactions in an ordered array of slots. If any block B is overwritten/replaced, then every successor of B must also be replaced, since any change invalidates all successor hashes. And every replaced B must have a freshly computed good nonce, or else other nodes reject B and its successors. If all the new blocks are good, then others accept the replacement chain, but only if it is longer than the current chain, which grows all the time as the attack is in progress. So the attacker must outrun the rest of the network: it is either very lucky or it controls a majority of compute power.

CPS 512 midterm exam #1, 10/5/17, page 3 of 4 Part 4. DNS (35 points). Google Public DNS (GPDNS) is a massive-scale DNS resolver that is open for use by any DNS client. Clients of GPDNS request lookups for complete domain names (e.g., www.child.parent.net), and the resolver returns DNS response records for the requested domain name. (a) A lookup request for parent.net returns a DNS server IP address (call it P) that is authoritative for the domain parent.net. How does GPDNS determine the value of P? (b) A lookup for child.parent.net returns no such domain. How does GPDNS determine there is no such domain? (c) Google says GPDNS responds faster (on average) than a local resolver, in part because GPDNS has many clients, including Google s search engines. How does more client activity help GPDNS serve its clients faster? (d) GPDNS uses DNSSEC to validate lookups since 2013. How many decrypt operations does the resolver perform to validate that there is no domain child.parent.net? (e) How does GPDNS obtain the public key for the DNS server (P) that is authoritative for parent.net? (f) GPDNS uses a sharding scheme internally. It has the property that two lookup requests for the same domain name are likely to be handled by the same server. What is the benefit of this property? (g) he GPDNS sharding has the property that two lookups for different domain names are likely to be handled by different servers. What is the benefit of this property? Ask.net, i.e., send a DNS lookup to the authoritative DNS server for top-level domain.net. he lookup responds with P. Send a DNS lookup request to P, which authoritative for the parent domain parent.net. If the domain has no node or subdomain named child, the server returns the error no such domain. Caching. More clients send more requests, so GPDNS can keep its name lookup caches warm. So a larger share of requests are cache hits and save the lookup cost. I accepted 2 or 3. Root signs.net and.net signs parent.net. So that s two decrypt operations to check those signatures. And parent.net signs the no such domain response. For DNSSEC the.net server includes the public key (or hash) for P in its lookup reply (per (a)). Some answers talked about certificates and such, apparently confusing DNSSEC with SSL/LS. More effective caching. Requests for the same domains concentrate on the same servers, leading to more cache hits: if A looks up D and then B looks up D, B s lookup likely finds the cached response from A. It was not enough to say more efficient. Scale. Spreads the request load across more servers, without compromising cache performance. I accepted load balancing or other indications that you understood.

CPS 512 midterm exam #1, 10/5/17, page 4 of 4 Part 5. Security of Google Public DNS (60 points). Google contends that GPDNS is more secure than other DNS resolvers because their infrastructure is secure and implements best practices (including DNSSEC). Even so, Google suggests that clients communicate with GPDNS over a secure (SSL/LS) connection to further protect DNS responses. (a) For an SSL/LS connection as explained in class (e.g., for HPS), how does the client obtain the session key to use with the connection? (10) (b) How does the server obtain the session key to use with the secure connection? (10) (c) How does this use of SSL/LS to connect to GPDNS offer additional security for its users? o answer, summarize an attack that it prevents. (20) he client just makes it up. It could be any random number. he client sends it to the server, encrypted with the server s public key, so that nobody else can obtain it. Man-in-the-middle. An attacker M on the network could attempt to redirect DNS lookups to an attack server that masquerades as GPDNS, or to modify responses in flight. But an SSL connection precludes this attack because M lacks the session key, and so cannot read or modify the requests or responses. (d) Is it secure yet? Summarize any other attack(s) that a client might be vulnerable to, relating specifically to its use of GPDNS. (20) /25 /40 /35 /35 /60 / 5 /200 his is a little bit of a thought question. Here as in 4(e) there was some confusion between the end-to-end protection of SSL/LS with an HP web server and the use of SSL/LS to protect communication for DNS lookups. 1. Google could spy on all of your DNS lookups to see what content you are accessing across the whole Internet. his is the most likely attack, but few mentioned it. No slur against Google here: it s legal and it s just business. 2. Google or GPDNS admins could be evil or go rogue (or get hacked) and return bad responses. 3. Various attacks could break SSL and allow M of part(c) to complete an attack: a compromised or rogue CA issues bogus certificates for M to masquerade as GPDNS, or Google loses its private key and M finds it. 4. Denial of service attacks, etc.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback